55 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-5524

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.01017
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-5618

Malware in sbrugna...

CVSS 7.6, AI score 7.4, EPSS 0.00756
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-43238

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.4, EPSS 0.00719
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-12533

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5, EPSS 0.00565
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-34507

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00633
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-44533

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.5, EPSS 0.00587
Exploits: 0, References: 2

CNNVD
added 2025/09/26 12:0 a.m., 2 views

GitLab Enterprise Edition security vulnerability

GitLab Enterprise Edition (EE) is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1, which stems from the ability of a project...

CVSS 7.2, AI score 6.4, EPSS 0.00352
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 9:24 a.m., 3 views

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, AI score 6.8, EPSS 0.00491
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:40 a.m., 3 views

CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

CVSS 5.5, AI score 4.9, EPSS 0.00565
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:7 p.m., 5 views

CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

CVSS 6.4, AI score 6.4, EPSS 0.00719
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 1:47 p.m., 5 views

CVE-2020-13263

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions...

CVSS 8.8, AI score 6.3, EPSS 0.01017
Exploits: 0, References: 5

NVD
added 2024/10/10 7:15 p.m., 15 views

CVE-2024-9806

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiate...

CVSS 5.3, EPSS 0.0042
Exploits: 1, References: 4

NVD
added 2024/10/10 7:15 p.m., 7 views

CVE-2024-9807

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotel...

CVSS 5.1, EPSS 0.00428
Exploits: 1, References: 4

CVE
added 2024/10/10 6:31 p.m., 42 views

CVE-2024-9806

Craig Rodway Classroombookings

CVSS 5.3, AI score 4, EPSS 0.0042
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2024/10/10 6:31 p.m., 8 views

CVE-2024-9806 Craig Rodway Classroombookings Room Page fields cross site scripting

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiate...

CVSS 5.3, AI score 3.9, EPSS 0.0042
Exploits: 1, References: 4

NVD
added 2024/09/16 1:15 a.m., 18 views

CVE-2024-8880

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...

CVSS 9.8, EPSS 0.00663
Exploits: 1, References: 3

Cvelist
added 2024/09/01 10:0 p.m., 38 views

CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

CVSS 5.3, EPSS 0.00406
Exploits: 1, References: 3

OSV
added 2024/07/31 4:53 p.m., 12 views

GHSA-HW28-333W-QXP3 Harbor fails to validate the user permissions when updating project configurations

Impact: Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call:
- PUT /projects/projectnameorid/metadatas/metaname
- POST /projects/projectnameorid/metadatas/metaname
- DELETE /projects/projectnameorid/metadatas/metaname
By sendin...

CVSS 7, AI score 5.1, EPSS 0.00365
Exploits: 0, References: 4

Github Security Blog
added 2024/07/31 4:53 p.m., 19 views

Harbor fails to validate the user permissions when updating project configurations

Impact: Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call:
- PUT /projects/projectnameorid/metadatas/metaname
- POST /projects/projectnameorid/metadatas/metaname
- DELETE /projects/projectnameorid/metadatas/metaname
By sendin...

CVSS 6.4, AI score 6.8, EPSS 0.00365
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2024/06/26 11:30 p.m., 109 views

CVE-2024-5430

CVE-2024-5430 affects GitLab CE/EE. Affected are all versions from 16.10 up to but not including 16.11.5, from 17.0 up to but not including 17.0.3, and from 17.1 up to but not including 17.1.1. The underlying issue allows a project maintainer to delete the merge request approval policy via GraphQ...

CVSS 6.8, AI score 5.5, EPSS 0.00491
Exploits: 0, References: 2, Affected Software: 1